Apple Patches 'Highly Critical' OS X, iChat Vulnerabilities

By Matt Hines |
Posted 02-16-2007

Apple shipped a set of four security updates on Feb. 15 meant to plug a list of vulnerabilities in its Mac OS X operating system and iChat messaging software, and some researchers are calling the release highly critical.

Among the four problems reported by Apple were two that company officials said could allow malicious attackers to exploit code on affected computers.

Cupertino, Calif.-based Apple specifically moved to shutter security flaws that were identified as part the Month of Apple Bugs research project, which was launched in January.

The security initiative was orchestrated by Kevin Finisterre, a longtime investigator of the computer maker's operating system who is also credited by name in the latest security bulletin, and a researcher identified only by the screen name "LMH," who spearheaded the Month of Kernel Bugs project in November 2006.

Apple noted that proof-of-concept exploit code for all four of the security issues addressed in the bulletin was previously posted at the Month of Apple Bugs Web site.

One of the two most serious vulnerabilities addressed by Apple affects the Finder feature in Mac OS X and Mac OS X Server software versions 10.4.8, and could lead to remote code execution if it is not patched, according to the computer maker. The company said that a buffer overflow issue in the Finder's handling of volume names could be exploited using a specially crafted disk image designed to attack the flaw.

Of the two problems Apple moved to fix in iChat, one could lead to code execution on unprotected machines, according to the company. Apple highlighted a format string vulnerability in the iChat AIM URL handler that could be triggered using a specially crafted URL and may lead the program to crash or become infected. The problem is specifically present in copies of iChat included in the version 10.3.9 and 10.4.8 releases of Mac OS X and Mac OS X Server, Apple reported.

A second iChat issue, found in the same versions of the OS X desktop and server software, could allow attackers on the same local network as someone using the products to crash the messaging application. The problem is related to a null pointer dereference in iChat's Bonjour message handling, company officials said.

The fourth security update, which affects the same versions of Apple's OS products, involves an issue in the software's UserNotificationCenter process that could allow someone working on the same local network as an affected user to overwrite or modify their computer's system files.

There are still several security flaws that were detailed by the Month of Apple Bugs initiative that the computer maker has not issued patches for, though it has followed up on a majority of the problems outlined by the researchers.

On Jan. 25, Apple shipped an update to its Airport wireless software to fix a kernel issue that could allow attackers to cause system crashes in affected devices. The patch arrived almost two months after the issue was first reported by LMH and his Month of Kernel Bugs researchers in November.

In that case, Apple credited the otherwise anonymous researcher for reporting the issue, but interestingly the bulletin arrived only one day after the company released a QuickTime update to fix a flaw exposed by LMH for which it did not acknowledge the controversial researcher.

While security researchers have long set their sights primarily on finding and reporting vulnerabilities in Microsoft products, the experts have more recently begun focusing their efforts on identifying flaws in Apple's software. As a result, the company has been forced to issue a growing number of product updates over the last six months.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.